Overview

overview

10

Static

static

1

ASSIGNED.exe

windows7_x64

7

ASSIGNED.exe

windows10-2004_x64

7

DHL_RECE.exe

windows7_x64

10

DHL_RECE.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6f1d138c47c7316460a6af976b2b6d9d6ee2387a6a256c0de6297a55336add5b

  • Size

    1.4MB

  • Sample

    220520-qblygachc6

  • MD5

    3566f6a0dd4a6d8f61306ca3b007066e

  • SHA1

    960d4e9116fea04b5cc8dd931aecab3401a30144

  • SHA256

    6f1d138c47c7316460a6af976b2b6d9d6ee2387a6a256c0de6297a55336add5b

  • SHA512

    c350aa9e3e493a6ff0017a3a9536568a2432d6cfd8a5da44d04299e18383c5cb2d94f5549ff20f2389c6b723c5df52d84bf4560cce58566888f3fae99e38e683

Score
10/10
netwirebotnetcollectionratstealer

Malware Config

Targets

    • Target

      ASSIGNED.EXE

    • Size

      481KB

    • MD5

      ae51edf78e690c95c8660fc9a26fd0e7

    • SHA1

      d62b3a89f7a34886cd0e5aab89b56eba0f7b5a03

    • SHA256

      9b5025d4f9cc6a69eff210cb9c6a2571fbb82820bba57b174eead2fad4b50dfa

    • SHA512

      5212f53b96b4d88e3ce5ff4c1a9e2dc5b1d3a5be0e1aa9f7e3c49c8fc63c847eb67830d889962c3b1a5a4474d17af10ce3493c922a35fb415c9653054bf18f60

    Score
    7/10
    collection

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

    • Target

      DHL_RECE.EXE

    • Size

      381KB

    • MD5

      a003c2bb955b2caab13a30f8e8827f09

    • SHA1

      0a716bed3e668c0276910851465adb4fde6c0a49

    • SHA256

      2936937ebeead6d1c9b62739331fd975248e2998fcf13c94ee817bbfe501a64b

    • SHA512

      8e57ae74646718ca9ca60977daf132108f130dcc68771014e81cb38502f1f26335fcc251eaea5fafcdf3a55ba5f71758f86e24d44f349d31f7022acbcd7e232b

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks